03-04-2016, 03:27 PM   #8
knc1
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
The Amazon Kindle Bookstore is already running TLS1.2:
Code:
  0.385818  192.168.0.2 -> 54.239.26.128 TCP 1514 [TCP segment of a reassembled PDU]
  0.385837  192.168.0.2 -> 54.239.26.128 TLSv1.2 1084 Application Data
and
Code:
  1.239265  192.168.0.1 -> 192.168.0.2  DNS 197 Standard query response CNAME dk9ps7goqoeef.cloudfront.net A 54.230.123.173 A 54.230.123.231 A 54.230.123.223 A 54.230.123.149
  1.241844 54.230.123.223 -> 192.168.0.2  TLSv1.2 1514 Server Hello
  1.241854  192.168.0.2 -> 54.230.123.223 TCP 66 59615 > https [ACK] Seq=206 Ack=1449 Win=17504 Len=0 TSval=47226446 TSecr=664413038
  1.243790 54.230.123.223 -> 192.168.0.2  TLSv1.2 1514 Certificate
  1.243798  192.168.0.2 -> 54.230.123.223 TCP 66 59615 > https [ACK] Seq=206 Ack=2897 Win=20400 Len=0 TSval=47226446 TSecr=664413038
  1.245757 54.230.123.223 -> 192.168.0.2  TCP 1514 [TCP segment of a reassembled PDU]
  1.245763  192.168.0.2 -> 54.230.123.223 TCP 66 59615 > https [ACK] Seq=206 Ack=4345 Win=23296 Len=0 TSval=47226447 TSecr=664413038
  1.246405 54.230.123.223 -> 192.168.0.2  TLSv1.2 479 Certificate Status, Server Key Exchange, Server Hello Done
  1.246411  192.168.0.2 -> 54.230.123.223 TCP 66 59615 > https [ACK] Seq=206 Ack=4758 Win=26192 Len=0 TSval=47226447 TSecr=664413038
  1.254459  192.168.0.2 -> 54.230.123.223 TLSv1.2 192 Client Key Exchange, Change Cipher Spec, Hello Request, Hello Request
The thing is, it will (now) still respond to TLS1.0 (A.K.A: SSLv3) and it is the SSLv3 protocol that is broken.

My guess - they are going to stop accepting the TLS1/SSLv3 combination protocol.

And if you check:
https://www.mobileread.com/forums/sho...15&postcount=1
You will see that the current BBB filter is not blocking:
Code:
NetRange:       54.224.0.0 - 54.239.255.255
CIDR:           54.224.0.0/12
NetName:        AMAZON-2011L
NetHandle:      NET-54-224-0-0-1
Parent:         NET54 (NET-54-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS16509
Organization:   Amazon Technologies Inc. (AT-88-Z)
RegDate:        2012-03-01
Updated:        2012-04-02
Ref:            https://whois.arin.net/rest/net/NET-54-224-0-0-1
(A lot of the page objects have also moved to cloudfront.net - another change not accounted for.)

= = = =

If any user of the old (and still the present) BBB filter is concerned about that access to the store -
The ruleset is in USB storage (see the directions) and you can add the CIDR above to the rule list in the obvious places.

Meanwhile, back on the home front -
busy, busy, busy

Last edited by knc1; 03-04-2016 at 03:50 PM.
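An added example, not part of knc1's post: a Python sketch that pulls the remote TLS endpoints out of capture rows like those quoted above, converts the whois NetRange to CIDR form, and reports which endpoints a rule list does not cover. `SAMPLE_RULES` is a constructed placeholder, since the actual BBB ruleset and its file format are not shown in the post, and all function names are hypothetical.

```python
import ipaddress
import re

# Rows copied from the capture in the post (tshark one-line summaries).
CAPTURE = """\
  0.385818  192.168.0.2 -> 54.239.26.128 TCP 1514 [TCP segment of a reassembled PDU]
  0.385837  192.168.0.2 -> 54.239.26.128 TLSv1.2 1084 Application Data
  1.241844 54.230.123.223 -> 192.168.0.2  TLSv1.2 1514 Server Hello
  1.243790 54.230.123.223 -> 192.168.0.2  TLSv1.2 1514 Certificate
"""
# whois NetRange line from the post.
NETRANGE = "54.224.0.0 - 54.239.255.255"
# Constructed stand-in for an existing rule list (TEST-NET-3, not the real BBB rules).
SAMPLE_RULES = ["203.0.113.0/24"]

ROW = re.compile(r"^\s*[\d.]+\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s")

def remote_tls_peers(capture, local_net="192.168.0.0/24"):
    """Map each non-local address seen in a TLS/SSL row to its protocol labels."""
    local = ipaddress.ip_network(local_net)
    peers = {}
    for line in capture.splitlines():
        m = ROW.match(line)
        if not m or not m.group(3).startswith(("TLS", "SSL")):
            continue
        for addr in m.group(1, 2):
            ip = ipaddress.ip_address(addr)
            if ip not in local:
                peers.setdefault(ip, set()).add(m.group(3))
    return peers

def netrange_to_cidrs(netrange):
    """Turn a whois 'first - last' range into the minimal list of CIDR blocks."""
    first, last = (ipaddress.ip_address(p.strip()) for p in netrange.split("-"))
    return list(ipaddress.summarize_address_range(first, last))

def uncovered(peers, rules):
    """Return the peers that no rule in the list matches, sorted."""
    nets = [ipaddress.ip_network(r) for r in rules]
    return sorted(ip for ip in peers if not any(ip in n for n in nets))

if __name__ == "__main__":
    peers = remote_tls_peers(CAPTURE)
    cidrs = [str(n) for n in netrange_to_cidrs(NETRANGE)]
    print("whois range as CIDR:", cidrs)
    print("missed by sample rules:", [str(ip) for ip in uncovered(peers, SAMPLE_RULES)])
    print("missed after adding range:", [str(ip) for ip in uncovered(peers, SAMPLE_RULES + cidrs)])
```

The same check can be rerun against a fresh capture after editing the rule list, to confirm that no store or CloudFront endpoint falls outside it.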